Vendors: Can You Prove Your HIPAA Compliance?

Saturday, July 31, 2010

Jack Anderson


I recently found an interesting article about the data breach involving Lincoln Medical Center, Siemens, and FedEx (link below). The story is an excellent illustration of the new challenge facing covered entities (CEs).

If the rules recently proposed by HHS go through as expected, a CE is responsible for its business associates (BAs), and the BAs and their subcontractors are required to be HIPAA HITECH compliant. Many of these BAs, and the subcontractors who in turn become BAs, have never heard of HIPAA HITECH.

HHS estimates that 1 to 2 million new BAs will need to become compliant. HHS also states that where a BA agreement already exists, it expects the BA to be compliant with the terms of that agreement now. No waiting periods, no grace periods: be compliant, now.

The next big challenge for both CEs and BAs is proving compliance. There is no third party with the authority to certify or accredit for HIPAA HITECH. The BA needs to prove its compliance in order to win and keep its business relationships in healthcare.

The CE is required to do business only with compliant BAs. Our Compliance Meter™ fills the gap by displaying the current level of compliance in four areas: policies, procedures, forms, and tasks.

At a glance the CE can see whether the BA is compliant and, if necessary, drill down to view its policies, procedures, and forms and determine whether it has completed all of its assigned tasks. The Helper assigned to the account also provides oversight.

We can help BAs get compliant for as little as $125 and stay compliant for as little as $35 per month. This meets the "reasonable and appropriate" criterion specified by HHS.

Once they are compliant, they can display the Compliance Meter™ or deploy it to their business partners. It is a simple, cost-effective and efficient method of meeting HIPAA HITECH standards and being able to prove it.

Cross-posted from Compliance Helper

